Open Tyrell20 opened 3 years ago
Hello, I am facing an issue to send alert on TheHive from my Splunk Instance. I followed the instruction in order to install and configure the TA with success, but when I try to set-up the trigger action from Splunk I do not get any result.
No error are stored from _internal index
Checking on splunkd.log I found errors below:
10-28-2020 17:59:44.863 +0100 ERROR AesGcm - error:00000000:lib(0):func(0):reason(0) 10-28-2020 17:59:44.863 +0100 ERROR AesGcm - AES-GCM Decryption failed! 10-28-2020 17:59:44.864 +0100 ERROR AesGcm - error:00000000:lib(0):func(0):reason(0) 10-28-2020 17:59:44.864 +0100 ERROR AesGcm - AES-GCM Decryption failed! 10-28-2020 17:59:44.864 +0100 ERROR Crypto - Decryption operation failed: AES-GCM Decryption failed! 10-28-2020 17:59:44.864 +0100 ERROR Crypto - Decryption operation failed: AES-GCM Decryption failed! 10-28-2020 17:59:44.864 +0100 WARN ConfigEncryptor - Decryption operation failed: AES-GCM Decryption failed! 10-28-2020 17:59:44.864 +0100 WARN ConfigEncryptor - Decryption operation failed: AES-GCM Decryption failed! 10-28-2020 17:59:44.864 +0100 ERROR AesGcm - error:00000000:lib(0):func(0):reason(0) 10-28-2020 17:59:44.864 +0100 ERROR AesGcm - AES-GCM Decryption failed!
In addition could you please help to understand why app has craeted two entry in password.conf when I inserted one API key?
Many thanks for your support.
sorry for very late reply - it is still current?
Unfortunately yes. I solved using an old version of TA. Probably the error is due to the incompatible version of Splunk installed.
Hello, I am facing an issue to send alert on TheHive from my Splunk Instance. I followed the instruction in order to install and configure the TA with success, but when I try to set-up the trigger action from Splunk I do not get any result.
No error are stored from _internal index
Checking on splunkd.log I found errors below:
10-28-2020 17:59:44.863 +0100 ERROR AesGcm - error:00000000:lib(0):func(0):reason(0) 10-28-2020 17:59:44.863 +0100 ERROR AesGcm - AES-GCM Decryption failed! 10-28-2020 17:59:44.864 +0100 ERROR AesGcm - error:00000000:lib(0):func(0):reason(0) 10-28-2020 17:59:44.864 +0100 ERROR AesGcm - AES-GCM Decryption failed! 10-28-2020 17:59:44.864 +0100 ERROR Crypto - Decryption operation failed: AES-GCM Decryption failed! 10-28-2020 17:59:44.864 +0100 ERROR Crypto - Decryption operation failed: AES-GCM Decryption failed! 10-28-2020 17:59:44.864 +0100 WARN ConfigEncryptor - Decryption operation failed: AES-GCM Decryption failed! 10-28-2020 17:59:44.864 +0100 WARN ConfigEncryptor - Decryption operation failed: AES-GCM Decryption failed! 10-28-2020 17:59:44.864 +0100 ERROR AesGcm - error:00000000:lib(0):func(0):reason(0) 10-28-2020 17:59:44.864 +0100 ERROR AesGcm - AES-GCM Decryption failed!
In addition could you please help to understand why app has craeted two entry in password.conf when I inserted one API key?
Many thanks for your support.